CSA PROGRAM AUDITS:
Understanding Internal Controls in CSA ProgramsPresented by
Stephanie Bacote and Annette Larkin
March 2019
Place Ice Breaker Here
2
CSA Program AuditsIntroduction: Ice Breaker
Office of Comprehensive Services, April 2013
Purpose:
To educate participants on the definition of internal controls, the
organizational responsibility for establishing an internal control
structure, and the various types of control activities.
Objective:
In a classroom setting, participants will recognize their role in the
internal control structure within their locally administered CSA
program.
3
Introduction: Purpose and Objectives
Office of Children’s Services, Mach 2017
4
Understanding Internal Controls in CSA
5
Understanding Internal Controls in CSA
What are Internal Controls?
Internal controls are steps taken to provide reasonable
assurance that the following objectives are met:
•Assets are safeguarded,
•Reliable information/data,
•Effective and efficient operations, and
•Compliance with applicable laws, regulations,
policies, procedures, contracts, etc.
Fundamental Concepts of Internal Controls
6
Understanding Internal Controls in CSA
1. Internal Controls are processes, a means to an end, not an end in itself.
2. Internal Controls are effected by people, not merely policy manuals and
forms but people at every level of the organization.
3. Internal Controls are geared to the achievement of objectives.
4. Internal Controls can be expected to provide only reasonable
assurance, not absolute assurance.
7
Understanding Internal Controls in CSA
Reasonable Assurance
The cost of achieving internal control objectives should not exceed its benefit
Hard Controls
Policy/procedures
Organization structure
Formal processes
Centralized decision
making
Soft Controls
Competence
Trust
Shared values
Strong leadership
High expectations
Openness
High ethical standards
8
Understanding Internal Controls in CSA
CATEGORIES of CONTROLS
Who is responsible for compliance with Internal Controls?
All STAKEHOLDERS are responsible for compliance with
Internal Controls.
9
Understanding Internal Controls in CSA
10
Understanding Internal Controls in CSA
Five Components of Internal Controls © 1992 Committee of Sponsoring Organizations of the Treadway Commission.
Control
Environment
Risk Assessment
Information &
Communication
Monitoring
Control Activities
11
Understanding Internal Controls in CSA
What is the Control Environment?
Atmosphere reflecting underlying CSA values as directed
and communicated by the Community Policy and
Management Team. Examples:
• Code of Ethics
• Mission Statement
• Goals and Objectives
• Strategic Plan/ Long Range Plan
• Sets a positive “tone at the top”
• Hires and retain competent people
• Fosters integrity and control consciousness
• Formalize and clearly communicates policies and procedures
resulting in...
12
Understanding Internal Controls in CSA
Organizations with an Effective
Control Environment
13
Shared Values and Teamwork
Understanding Internal Controls in CSA
– Identification: Significant condition resulting from no action being taken, the wrong action being taken, or the right action not taken in a timely manner . Instruments to aid the process may include community needs assessment required for social services and court services grant applications, CSA Gap Survey, local agency utilization management reports, etc.
– Analysis: Assessing the likelihood of occurrence and potential impact to the program.
– Management: Steps taken to prevent losses or reduce the impact of a loss occurring
14
Understanding Internal Controls in CSA
What is a Risk Assessment? The identification and analysis of relevant risks that may prevent an entity from
achieving objectives, includes three primary components:
15
EXPOSURE RISK EXPECTED
LOSS* * =
Analysis of Risk
THREAT
Understanding Internal Controls in CSA
16
THREAT EXPOSURE
RISK
EXPECTED
LOSS* * =INTERNAL
CONTROLS
Management of Risk
Understanding Internal Controls in CSA
1. Financial
2. Legal Liability
3. Regulatory Compliance
4. Organizational Image
5. Organization-Specific
17
10 Critical Organizational Risks
6. Data Integrity and Reliability
7. Confidentiality of Data
8. Safeguarding Proprietary Data
9. Contingency Planning
10. Operations
Understanding Internal Controls in CSA
• Policies, procedures, and practices for managing significant risk that assures
management’s directives are carried out.
• Types of Control Activities
18
Detective CorrectivePreventive
Understanding Internal Controls in CSA
What are Control Activities?
19
Examples of Control Activities
Understanding Internal Controls in CSA
• Preventive Controls:
- Segregation of duties
- Proper authorization (verification and approvals)
- Limiting access to files and systems
• Detective Controls:
- Performance reviews
- Exception Reports
- Reconciliation
• Corrective:
- Corrective Action Plans
- Recoupment of Funds
- Legal Action
Segregation of Duties
20
Authorization CustodyRecording
Understanding Internal Controls in CSA
• Is the information Accurate?
• Is the information Complete?
• Are the operations Efficient?
21
Verification: Be an reviewer of reports
Understanding Internal Controls in CSA
ApprovalsCertain activities or transactions require supervisor approval.
22
Understanding Internal Controls in CSA
• Depends on the risk assessment.
• High risk activities should be approved by senior management.
• Approval means that the approver has reviewed the supporting
documentation and is satisfied that the transaction is appropriate.
23
.
Security of Assets- restrict access to assets and
information to authorized personnel
CSA Case Files CSA
Classified
information
Understanding Internal Controls in CSA
24
.
Review of Operating Performance
Reconciliations
Understanding Internal Controls in CSA
Systems for capturing and communicating relevant information
in a timely manner:
– Maintain clear and open lines of communication
– Understand your role in the internal control system
– Move important information to the top of the organization
25
What is Information and Communication?
Understanding Internal Controls in CSA
26
What is Monitoring?
Understanding Internal Controls in CSA
• The assessment of internal control performance over time to determine whether
internal control is adequately designed, properly executed, and effective.
• Ongoing supervisory activities lessen the need for separate evaluations
• Periodic evaluations (self-assessment, peer review, internal/external audits)
Examples of Monitoring Activities
CSA Coordinator FAPT CPMT
Monitors own work to ensure it is
being done properly; complying with
internal /external policies and
procedures, correct errors identified,
detect and communicate problems
with existing policies and procedures;
and report changes in their immediate
internal and external environments
Monitoring focus should be on
ensuring that control activities are
functioning properly; the families
being served are accomplishing goals;
communication is open and sufficient;
and risks and opportunities are
identified and properly addressed.
Monitoring responsibilities should
cover the review of how well controls
are functioning fiscally and
programmatically for the local CSA
program. Therefore, the CPMT shall
manage the cooperative effort in each
community to better serve the needs
of troubled and at-risk youths and
their families and to maximize the use
of state and community resources.
27Office of Comprehensive Services, April 2013
.
Understanding Internal Controls in CSA
Internal Control Weakness vs. Non-Compliance Observation
What’s the Difference?
28
Internal Control Weakness V
E
R
S
U
S
Non-Compliance Observation
Ineffective processes that may
adversely impact the program’s
ability to achieve desired
strategic, financial, operational,
reporting, compliance, and
stewardship objectives.
An organization’s failure to
fulfill specific requirements as
stated in established laws,
regulations, policies, and
procedures.
Understanding Internal Controls in CSA
Internal Control Weakness vs. Non-Compliance Observation
Important to Remember
Non-compliance itself can be an internal
control weakness.
29
Understanding Internal Controls in CSA
• Internal controls are steps taken to provide reasonable , not absolute, assurance that
organizational objectives are achieved.
• Cost of achieving the internal control objectives should not exceed its benefit
• All STAKEHOLDERS are responsible for compliance with internal controls
• Five components of Internal Controls:
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
30
Understanding Internal Controls in CSA - Summary
31
Understanding Internal Controls in CSA
Stephanie S. Bacote, CIGA
CSA Program Audit Manager
Phone: (804) 662-7441
Email: [email protected]
or
Annette E. Larkin, MBA
CSA Program Auditor
Phone: (804) 662-9816
Email: [email protected]
Office of Children’s Services, 1604 Santa Rosa Rd, Suite 137, Richmond, VA 23229
32
CSA Program AuditsContact Information